search

hashicorp / terraform-provider-consul

Terraform Consul provider
https://www.terraform.io/docs/providers/consul/
Mozilla Public License 2.0
124 stars 112 forks source link

Access logs not able to be configured by consul_config_entry #343

Closed nicolasscott closed 1 year ago

nicolasscott commented 1 year ago

It appears that new features in consul 1.15 are not yet implemented in the provider, amongst those are the ability to enable access logs.

https://developer.hashicorp.com/consul/docs/release-notes/consul/v1_15_x

Terraform Version

Terraform v1.4.2 on darwin_amd64

Affected Resource(s)

Terraform Configuration Files

terraform {
  required_providers {
    consul = {
      source  = "hashicorp/consul"
      version = "2.17.0"
    }
  }
}

provider "consul" {}

resource "consul_config_entry" "proxy_defaults" {
  name = "global"
  kind = "proxy-defaults"

  config_json = jsonencode({
    AccessLogs = {
      Enabled = true,
      Type    = "stdout"
    },
    Expose = {},
    MeshGateway = {},
    TransparentProxy = {},
  })
}

Debug Output

...
consul_config_entry.proxy_defaults: Modifying... [id=proxy-defaults-global]
2023-05-01T13:16:56.145-0700 [INFO]  Starting apply for consul_config_entry.proxy_defaults
2023-05-01T13:16:56.146-0700 [DEBUG] consul_config_entry.proxy_defaults: applying the planned Update change
2023-05-01T13:16:56.813-0700 [WARN]  Provider "provider[\"registry.terraform.io/hashicorp/consul\"]" produced an unexpected new value for consul_config_entry.proxy_defaults, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .config_json: was cty.StringVal("{\"AccessLogs\":{\"Enabled\":true,\"Type\":\"stdout\"},\"Expose\":{},\"MeshGateway\":{\"Mode\":\"local\"},\"TransparentProxy\":{}}"), but now cty.StringVal("{\"Expose\":{},\"MeshGateway\":{\"Mode\":\"local\"},\"TransparentProxy\":{}}")
consul_config_entry.proxy_defaults: Modifications complete after 1s [id=proxy-defaults-global]
2023-05-01T13:16:56.855-0700 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2023-05-01T13:16:56.862-0700 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/hashicorp/consul/2.17.0/darwin_amd64/terraform-provider-consul_v2.17.0_x4 pid=53563
2023-05-01T13:16:56.862-0700 [DEBUG] provider: plugin exited

Apply complete! Resources: 0 added, 1 changed, 0 destroyed.

Outputs:
...

Panic Output

Expected Behavior

Same as If I apply with with consul cli. eg:

consul config write global.hcl

where global.hcl contains:

Kind      = "proxy-defaults"
Name      = "global"
AccessLogs {
  Enabled = true
  Type = "stdout"
}

then consul config read -kind proxy-defaults -name global

{
    "Kind": "proxy-defaults",
    "Name": "global",
    "TransparentProxy": {},
    "MeshGateway": {
        "Mode": "local"
    },
    "Expose": {},
    "AccessLogs": {
        "Enabled": true,
        "Type": "stdout"
    },
    "CreateIndex": 174100,
    "ModifyIndex": 174997
}

Actual Behavior

After the terraform apply, access logs config is empty.

consul config read -kind proxy-defaults -name global

{
    "Kind": "proxy-defaults",
    "Name": "global",
    "TransparentProxy": {},
    "MeshGateway": {},
    "Expose": {},
    "AccessLogs": {},
    "CreateIndex": 174100,
    "ModifyIndex": 175054
}

Steps to Reproduce

0 .This is a bit janky, but in order to get the provider to see that there is a change we need to seed a change. I've done this by applying the following config with consul write blank.hcl, where blank.hcl contains:

Kind      = "proxy-defaults"
Name      = "global"
MeshGateway {
    Mode = "local"
}
  1. terraform apply
  2. consul config read -kind proxy-defaults -name global

You'll actually see the expected plan, but the access log config won't be applied.

Terraform will perform the following actions:

  # consul_config_entry.proxy_defaults will be updated in-place
  ~ resource "consul_config_entry" "proxy_defaults" {
      ~ config_json = jsonencode(
          ~ {
              + AccessLogs       = {
                  + Enabled = true
                  + Type    = "stdout"
                }
              ~ MeshGateway      = {
                  - Mode = "local"
                }
                # (2 unchanged attributes hidden)
            }
        )
        id          = "proxy-defaults-global"
        name        = "global"
        # (1 unchanged attribute hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Important Factoids

n/a

References

n/a

remilapeyre commented 1 year ago

Thanks for reporting this @nicolasscott, I will publish a new release that supports this attribute in the coming days.